Issue #88 - Injection should be prevented in settings even if symlinks are used.

2026-05-17 05:48:43 +02:00 · 2016-12-14 11:06:07 +11:00
parent c809873f9a
commit 7946dccd5e
2 changed files with 4 additions and 3 deletions
--- a/classes/local/outagelib.php
+++ b/classes/local/outagelib.php
@@ -187,8 +187,8 @@ class outagelib {
        }
        self::$injectcalled = true;

-        // Do not inject into admin/settings.php, see Issue #65.
-        if ($_SERVER['SCRIPT_FILENAME'] === $CFG->dirroot.'/admin/settings.php') {
+        // Do not inject into admin/settings.php.
+        if ($_SERVER['SCRIPT_NAME'] == '/'.$CFG->admin.'/settings.php') {
            return false;
        }